Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
A small stack of Markdown tools configured using the Architect's team preferred conventions.
A small stack of Markdown tools (built on
markdown-it
) configured using the Architect team's preferred conventions for creating documentation and articles rendered and served from a cloud function.
Contents |
What is this?Arcdown is an opinionated toolchain to create technical content from Markdown source files as quickly as possible to enable on-the-fly rendering in a Lambda (or any server) runtime. Features
All built-ins are configurable and extensible. |
npm install arcdown
ESM only, requires Node.js v14+
The simplest usage is to just pass Arcdown.render
a string of Markdown:
import { readFileSync } from 'node:fs'
import { Arcdown } from 'arcdown'
const mdString = `
---
title: Hello World
category: Examples
---
## Foo Bar
lorem ipsum _dolor_ sit **amet**
[Architect](https://arc.codes/)
`.trim()
const arcdown = new Arcdown()
const {
frontmatter, // attributes from frontmatter
html, // the good stuff: HTML!
slug, // a URL-friendly slug
title, // document title from the frontmatter
tocHtml, // an HTML table of contents
} = await arcdown.render(mdString)
const fromFile = await arcdown.render(readFileSync('../docs/some-markdown.md', 'utf-8'))
⚙️ See below for configuration options.
Arcdown.render
returns a RenderResult
object with 4 strings plus any document "frontmatter".
|
|
|
|
|
|
|
|
|
|
Arcdown is set up to be used without any configuration. Out-of-the-box it uses defaults and conventions preferred by the Architect team (Architect project not required).
However, the renderer is customizable and extensible with a RendererOptions
object.
🪧 See ./example/ for a kitchen sink demo.
markdown-it
Config: markdownIt
|
By default, |
pluginOverrides
Three plugins are provided out-of-the-box and applied in a specific order.
Set configuration for each plugin by passing a keyed RendererOptions.pluginOverrides
object.
⛔️ Disable a plugin by setting its key in
pluginOverrides
tofalse
.
|
For performance reasons, this plugin was modified and bundled to |
|
|
|
|
|
|
plugins
It is possible to pass additional markdown-it
plugins to Arcdown's renderer by populating RendererOptions.plugins
.
Plugins can be provided in two ways and will be applied after the default plugins bundled with Arcdown.
|
|
|
|
hljs
A custom highlight()
method backed by Highlight.js is provided to the internal markdown-it
renderer. Arcdown will detect languages used in fenced code blocks in the provided Markdown string and attempt to register just those languages in hljs.
⚠️ Currently, shorthand aliases for languages are not supported.
Full language names should be used with Markdown code fences. Instead ofjs
, usejavascript
Set Highlight.js configuration by passing a keyed RendererOptions.hljs
object.
|
|
|
|
|
|
|
|
|
|
A couple plugins have been forked and/or vendored locally to this package. This has been done to increase performance and render speed.
Arcdown is not attached to any single package, plugin, or even to the core rendering engine, so long as the resulting features are maintained.
Suggestions and PRs welcome 🙏
markdown-it
?A great balance of speed, stability, adoption, and extensibility.
Most syntax highlighters are not fast enough for server-side rendering. hljs was tuned to work on slow client machines and performs well on a server.
That said, starry-night
is really interesting.
Because we used it a lot building docs sites and technical blogs.
In no particular order
FAQs
A small stack of Markdown tools configured using the Architect's team preferred conventions.
The npm package arcdown receives a total of 26 weekly downloads. As such, arcdown popularity was classified as not popular.
We found that arcdown demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.